
CVE Vulnerabilities
  • CVE-2022-28718
    Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Bulletin.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 111 | Replies: 0
  • CVE-2022-29467
    Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 98 | Replies: 0
  • CVE-2022-29471
    Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 110 | Replies: 0
  • CVE-2022-29484
    Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 109 | Replies: 0
  • CVE-2022-29513
    Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 108 | Replies: 0
  • CVE-2022-29892
    Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 111 | Replies: 0
  • CVE-2022-2300
    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 105 | Replies: 0
  • CVE-2022-2301
    Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 109 | Replies: 0
  • CVE-2021-25056
    The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_ht ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 104 | Replies: 0
  • CVE-2021-25066
    The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilte ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 108 | Replies: 0
  • CVE-2022-0250
    The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 119 | Replies: 0
  • CVE-2022-1301
    The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cr ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 113 | Replies: 0
  • CVE-2022-1946
    The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated user ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 116 | Replies: 0
  • CVE-2022-1967
    The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary tea ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 170 | Replies: 0
  • CVE-2022-2268
    The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 114 | Replies: 0
  • CVE-2022-33171
    ** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplyi ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 121 | Replies: 0
  • CVE-2022-34265
    An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name valu ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 125 | Replies: 0
  • CVE-2022-31599
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 112 | Replies: 0
  • CVE-2022-31600
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 104 | Replies: 0
  • CVE-2022-31601
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of serv ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 124 | Replies: 0
  • CVE-2022-31602
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to c ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 118 | Replies: 0
  • CVE-2022-31603
    NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 112 | Replies: 0
  • CVE-2022-34829
    Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 118 | Replies: 0
  • CVE-2022-34918
    An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a differe ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 123 | Replies: 0
  • CVE-2022-2306
    Old session tokens can be used to authenticate to the application and send authenticated requests.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 125 | Replies: 0
  • CVE-2022-2309
    NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlie ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 105 | Replies: 0
  • CVE-2022-2097
    AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data tha ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 100 | Replies: 0
  • CVE-2021-43702
    ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly, if an attacker was able to change the SSID of the rou ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 177 | Replies: 0
  • CVE-2022-30289
    A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 101 | Replies: 0
  • CVE-2022-26365
    Linux disk/nic frontends data leaks. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 98 | Replies: 0
  • CVE-2022-2304
    Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 97 | Replies: 0
  • CVE-2022-30290
    In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their reg ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 108 | Replies: 0
  • CVE-2022-33740
    Linux disk/nic frontends data leaks. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 105 | Replies: 0
  • CVE-2022-33741
    Linux disk/nic frontends data leaks. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 109 | Replies: 0
  • CVE-2022-33742
    Linux disk/nic frontends data leaks. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 102 | Replies: 0
  • CVE-2022-33743
    network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retaine ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 115 | Replies: 0
  • CVE-2022-33744
    Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely w ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 113 | Replies: 0
  • CVE-2021-43116
    An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malic ...……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 96 | Replies: 0
  • CVE-2022-31836
    The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 97 | Replies: 0
  • CVE-2022-31770
    IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.……
    Author: 菜鸟教程小白 | Time: 2022-7-8 08:05 | Views: 106 | Replies: 0
